IN THE CLAIMS; 

Please amend claim 40 as indicated below. 

1. (Original) A method for accessing a service in a distributed computing environment, 
comprising: 

a client receiving a capability credential, wherein said capability credential 
indicates that the client is allowed to access a portion of a first service's 
capabilities; 

the client using said capability credential to request an access interface document 
to access the first service; 

the client receiving said access interface document, wherein said access interface 
document comprises an interface for accessing only said portion of the 
first service's capabilities; and 

the client using the interface from said access interface document to access a 
capability from said portion of the first service's capabilities. 

2. (Original) The method as recited in claim 1, wherein said using said capability 
credential to request an access interface document comprises sending an advertisement 
request message in a data representation language, wherein said advertisement request 
message includes said capability credential. 

3. (Original) The method as recited in claim 2, wherein said data representation 
language is extensible Markup Language (XML). 

4. (Original) The method as recited in claim 2, further comprising: 
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generating a custom advertisement in response to receiving said advertisement 
request message, said custom advertisement is generated according to said 
portion of the first service's capabilities that said capability credential 
indicates the client is allowed to access; and 

sending an advertisement request response message to the client, wherein said 
advertisement request response message includes said custom 
advertisement as said access interface document. 

5. (Original) The method as recited in claim 4, wherein said custom advertisement 
specifies an XML schema defining messages to be sent by the client to the first service 
and messages to be sent from the first service to the client to use said portion of the first 
service's capabilities. 

6. (Original) The method as recited in claim 1, further comprising the client receiving a 
protected advertisement for the first service, wherein said protected advertisement 
provides an address to request said security credential, but does not provide said access 
interface document to access the first service. 

7. (Original) The method as recited in claim 6, further comprising the client sending a 
request for said security credential to the address from said protected advertisement, 
wherein said request for said security credential includes an indication of a set of desired 
capabilities for the first service. 

8. (Original) The method as recited in claim 7, wherein said address from said protected 
advertisement is for an authentication service that determines a level of capabilities of the 
first service that client is authorized to access and generates said security credential to 
grant access for the client to said portion of the first service's capabilities. 
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9. (Original) The method as recited in claim 8, wherein said portion of the first 
service's capabilities is the lesser of said level of capabilities and said set of desired 
capabilities. 

10. (Original) The method as recited in claim 8, wherein said receiving a capability 
credential comprises receiving said capability credential from said authentication service. 

1 1 . (Original) The method as recited in claim 6, wherein said protected advertisement 
further provides an address to request said access interface document to access the first 
service, wherein said using said capability credential to request an access interface 
comprises sending an advertisement request message to said address to request said 
access interface document. 

12. (Original) The method as recited in claim 6, wherein said receiving a protected 
advertisement comprises receiving said protected advertisement from a space service, 
wherein said space service comprises protected advertisements for a plurality of services 
including the first service, wherein each protected advertisement specifies an address for 
request a security credential to allow access to a corresponding service. 

13. (Original) The method as recited in claim 1, wherein said access interface document 
comprises a schema defining messages for accessing said portion of the first service's 
capabilities, wherein said using the interface from said access interface document to 
access a capability comprises sending a message according to said schema to the first 
service. 

14. (Original) The method as recited in claim 13, wherein said message includes said 
capability credential, the method further comprising the first service using said capability 
credential to authenticate said message as from the client. 

15. (Original) The method as recited in claim 1, wherein said access interface document 
comprises a message schema defining messages for accessing said portion of the first 
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service's capabilities, wherein said using the interface from said access interface 
document to access a capability comprises the client using said access interface document 
to construct a message gate for sending messages to the first service, wherein the 
message gate embeds said capability credential in each message. 

16. (Original) The method as recited in claim 15, wherein the message gate checks each 
message for compliance with said message schema. 

17. (Original) The method as recited in claim 16, wherein said message schema is an 
XML schema. 

18. (Original) A client device, comprising: 

a connection to a distributed computing environment; 

an interface coupled to said connection and configured to receive over the 
connection a capability credential, wherein said capability credential 
indicates that a client on the client device is allowed to access a portion of 
a first service's capabilities; 

wherein the interface is further configured to use said capability credential to 
request an access interface document to access the first service; 

wherein the interface is further configured to receive said access interface 
document over the connection, wherein said access interface document 
comprises an information for accessing only said portion of the first 
service's capabilities; and 

wherein the interface is further configured to use the information from said access 
interface document to access over the connection a capability from said 
portion of the first service's capabilities. 
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19. (Original) The client device as recited in claim 18, wherein the interface is 
configured to use said capability credential to request an access interface document by 
sending an advertisement request message in a data representation language, wherein said 
advertisement request message includes said capability credential. 

20. (Original) The client device as recited in claim 19, wherein said data representation 
language is extensible Markup Language (XML). 

21. (Original) The client device as recited in claim 19, wherein the interface is further 
configured to receive an advertisement request response message including a custom 
advertisement, wherein said custom advertisement is generated according to said portion 
of the first service's capabilities that said capability credential indicates the client is 
allowed to access. 

22. (Original) The client device as recited in claim 21, wherein said custom 
advertisement specifies an XML schema defining messages to be sent by the client to the 
first service and messages to be sent from the first service to the client to use said portion 
of the first service's capabilities. 

23. (Original) The client device as recited in claim 18, wherein the interface is further 
configured to receive a protected advertisement for the first service, wherein said 
protected advertisement provides an address to request said security credential, but does 
not provide said access interface document to access the first service. 

24. (Original) The client device as recited in claim 23, wherein the interface is further 
configured to send a request for said security credential to the address from said protected 
advertisement, wherein said request for said security credential includes an indication of 
a set of desired capabilities for the first service. 
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25. (Original) The client device as recited in claim 24, wherein said address from said 
protected advertisement is for an authentication service that determines a level of 
capabilities of the first service that client is authorized to access and generates said 
security credential to grant access for the client to said portion of the first service's 
capabilities. 

26. (Original) The client device as recited in claim 25 , wherein said portion of the first 
service's capabilities is the lesser of said level of capabilities and said set of desired 
capabilities. 

27. (Original) The client device as recited in claim 25, wherein the interface is 
configured to receive said capability credential from said authentication service. 

28. (Original) The client device as recited in claim 23, wherein said protected 
advertisement further provides an address to request said access interface document to 
access the first service, wherein the interface is configured to use said capability 
credential to request an access interface document by sending an advertisement request 
message to said address to request said access interface document. 

29. (Original) The client device as recited in claim 23, wherein the interface is 
configured to receive said protected advertisement from a space service, wherein said 
space service comprises protected advertisements for a plurality of services including the 
first service, wherein each protected advertisement specifies an address for request a 
security credential to allow access to a corresponding service. 

30. (Original) The client device as recited in claim 18, wherein said access interface 
document comprises a schema defining messages for accessing said portion of the first 
service's capabilities, wherein the interface is configured to use the information from said 
access interface document to access a capability by sending a message according to said 
schema to the first service. 
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31. (Original) The client device as recited in claim 30, wherein said message includes 
said capability credential so that the first service may use said capability credential to 
authenticate said message as from the client. 

32. (Original) The client device as recited in claim 18, wherein said access interface 
document comprises a message schema defining messages for accessing said portion of 
the first service's capabilities, wherein the interface is configured to use the information 
from said access interface document to access a capability by using said access interface 
document to construct a message gate in the client device for sending messages to the 
first service, wherein the message gate embeds said capability credential in each message. 

33. (Original) The client device as recited in claim 32, wherein the message gate is 
configured to check each message for compliance with said message schema. 

34. (Original) The client device as recited in claim 33, wherein said message schema is 
an XML schema. 

35. (Original) A carrier medium comprising program instructions, wherein the program 
instructions are computer-executable on a client device to implement: 

receiving a capability credential, wherein said capability credential indicates that 
a client within the client device is allowed to access a portion of a first 
service's capabilities; 

using said capability credential to request an access interface document to access 
the first service; 

receiving said access interface document, wherein said access interface document 
comprises an interface for accessing only said portion of the first service's 
capabilities; and 
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using the interface from said access interface document to access a capability 
from said portion of the first service's capabilities. 

36. (Original) The carrier medium as recited in claim 35, wherein said using said 
capability credential to request an access interface document comprises sending an 
advertisement request message in a data representation language, wherein said 
advertisement request message includes said capability credential. 

37. (Original) The carrier medium as recited in claim 36, wherein said data 
representation language is extensible Markup Language (XML). 

38. (Original) The carrier medium as recited in claim 36, wherein the program 
instructions are computer-executable on the client device to further implement: 

receiving, in an advertisement request response message, a custom advertisement 
in response to sending said advertisement request message, wherein said 
custom advertisement is generated according to said portion of the first 
service's capabilities that said capability credential indicates the client is 
allowed to access. 

39. (Original) The carrier medium as recited in claim 38, wherein said custom 
advertisement specifies an XML schema defining messages to be sent by the client to the 
first service and messages to be sent from the first service to the client to use said portion 
of the first service's capabilities. 

40. (Currently Amended) The carrier medium as recited in claim 435, wherein the 
program instructions are computer-executable on the client device to further implement 
receiving a protected advertisement for the first service, wherein said protected 
advertisement provides an address to request said security credential, but does not 
provide said access interface document to access the first service. 
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41. (Original) The carrier medium as recited in claim 40, wherein the program 
instructions are computer-executable on the client device to further implement sending a 
request for said security credential to the address from said protected advertisement, 
wherein said request for said security credential includes an indication of a set of desired 
capabilities for the first service. 

42. (Original) The carrier medium as recited in claim 41, wherein said address from said 
protected advertisement is for an authentication service that determines a level of 
capabilities of the first service that client is authorized to access and generates said 
security credential to grant access for the client to said portion of the first service's 
capabilities. 

43. (Original) The carrier medium as recited in claim 42, wherein said portion of the first 
service's capabilities is the lesser of said level of capabilities and said set of desired 
capabilities. 

44. (Original) The carrier medium as recited in claim 42, wherein said receiving a 
capability credential comprises receiving said capability credential from said 
authentication service. 

45. (Original) The carrier medium as recited in claim 40, wherein said protected 
advertisement further provides an address to request said access interface document to 
access the first service, wherein said using said capability credential to request an access 
interface comprises sending an advertisement request message to said address to request 
said access interface document. 

46. (Original) The carrier medium as recited in claim 40, wherein said receiving a 
protected advertisement comprises receiving said protected advertisement from a space 
service, wherein said space service comprises protected advertisements for a plurality of 
services including the first service, wherein each protected advertisement specifies an 
address for request a security credential to allow access to a corresponding service. 
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47. (Original) The carrier medium as recited in claim 35, wherein said access interface 
document comprises a schema defining messages for accessing said portion of the first 
service's capabilities, wherein said using the interface from said access interface 
document to access a capability comprises sending a message according to said schema 
to the first service. 

48. (Original) The carrier medium as recited in claim 47, wherein said message includes 
said capability credential so that the first service may use said capability credential to 
authenticate said message as from the client. 

49. (Original) The carrier medium as recited in claim 35, wherein said access interface 
document comprises a message schema defining messages for accessing said portion of 
the first service's capabilities, wherein said using the interface from said access interface 
document to access a capability comprises the client using said access interface document 
to construct a message gate for sending messages to the first service, wherein the 
message gate embeds said capability credential in each message. 

50. (Original) The carrier medium as recited in claim 49, wherein the program 
instructions are computer-executable on the client device to further implement the 
message gate checking each message for compliance with said message schema. 

51. (Original) The carrier medium as recited in claim 50, wherein said message schema 
is an XML schema. 
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